Phase two HIPAA audits have begun

Phase Two of the Office for Civil Rights' (OCR) HIPAA audit program, which started about four months ago, is in full swing, with some covered entities having received notification letters this past Monday.

167 organizations now know they will be participating in the desk audit portion of the audit program. The desk audits will examine the selected entities’ compliance with HIPAA Privacy, Security, and Breach Notification Rules.

What is a desk audit?

Desk audits are one of the ways the OCR can assess HIPAA compliance and see if there are any risks or vulnerabilities to compliance programs and processes that may be in place. During a desk audit, an organization's documents are reviewed for compliance with the following requirements of the HIPAA Rules:

  • Privacy Rule
    • Notice of Privacy Practices & Content Requirements
    • Provision of Notice – Electronic Notice
    • Right to Access
  • Breach Notification Rule
    • Timeliness of Notification
    • Content of Notification
  • Security Rule
    • Security Management Process – Risk Analysis
    • Security Management Process – Risk Management

The OCR selected these requirements after its pilot audits and history of enforcement showed they were frequent areas of noncompliance.

What’s next for HIPAA audits?

After the desk audits are completed, some covered entities will be subject to an onsite audit. Onsite audits can take 3-5 days and are more comprehensive than desk audits, covering a wider range of requirements.

After audits are completed, OCR will review and analyze information collected and provide audit reports. The audit reports won’t clearly identify the audited covered entities, but records can be requested under the Freedom of Information Act. If audit reports reveal any serious compliance issues, then OCR can investigate further via a compliance review.

For more information, visit the OCR HIPAA audit website.

About the author

Hoala Greevy

Founder CEO Paubox. Kayak fishing when I can.